I just noticed I cannot login in my Jenkins.
How can I reset my password and access to my account again? I do not see any link to recover passwords and they seem to be hashed in the installation directory.
In How to reset password of Jenkins you have a set of tricks to make this happen. I based my solution on it, but it diverges in a certain point.
This is what I did to solve the issue:
Let's assume Jenkins' directory is stored in $JENKINS (in my machine this is /var/lib/jenkins/) and your username is user.
Allow signups by disabling disableSignup. This means editing $JENKINS/config.xml and setting this option to false:
<disableSignup>false</disableSignup>
Restart Jenkins (service jenkins restart).
Enter in Jenkins and register a new user, for example testuser, with the password being the one you want to set to your user user.
Extract the hashed password from $JENKINS/users/testuser/config.xml. You will see something like:
<passwordHash>#jbcrypt:$2a$10$PY7p4dxFiGSgJpxiNVTQDuJKAQ8pr9snDgQXaafogjErvgB0oC3qy</passwordHash>
Set the user's password to this one in <passwordHash>. That is, edit $JENKINS/users/user/config.xml and replace the password there to set the one above.
Disallow signups back by enabling disableSignup. That is, in $JENKINS/config.xml set the disableSignup option back to true:
<disableSignup>true</disableSignup>
Restart Jenkins again.
Note you can also replace the password directly by generating a jBCrypt. For example, in http://www.mindrot.org/projects/jBCrypt/ you can find some Java code for it.
A different approach for Windows that solved this issue for me:
In
C:\Windows\System32\config\systemprofile\AppData\Local\Jenkins\.jenkins\config.xml, change useSecurity to false.
The restart Jenkins, you will now get full access without login. Go to People, select the old admin user and delete the user.
Then set
<disableSignup>false</disableSignup>
and
<useSecurity>true</useSecurity>
Restart Jenkins again, and you will now be able to register again.
Finally
<disableSignup>true</disableSignup>
Related
I got an idea to use users password and a local key to decrypt a dm-crypt partition with user home directory (and to mount it as a home).
But here is a problem: how can I get such script to be executed? It should be executed after successful authorization but before actual login, and it should have access to freshly inputted password.
Does someone know where to put such script?
This is a pretty common problem with a simple solution -- you use pam module.
Here is one example:
https://wiki.archlinux.org/index.php/Dm-crypt/Mounting_at_login
Here are some details about my setup...
Current environment:
40+ *nix systems managed by 6 admins
Highly secure, closed network (no internet access)
Regularly audited (all account passwords must be changed every 90 days)
Current procedures:
Each administrator has a personal account with sudo access. These admin accounts are managed via Active Directory so password changes are not an issue
Root account is also active for specific circumstances (i.e. admin account is locked out)
When it comes time to change the root passwords, an admin will do so by SSHing into each system (40+)
I want to write a script to make the root password changing process more efficient and everything I've read indicates that the most secure way to go about it is by using public key authentication. So my question is: If I log in as root to SYSTEM_1 and set up the public/private key pairs between that system and SYSTEM_2, SYSTEM_3, etc, does that mean I will only be able to run the script from SYSTEM_1? Is this even a good idea security wise? Are there any other ways to script this that I am missing?
You can use RSA Authentication and expect script
Let's say you are executing expect script on system 1, create public-private key pair and store public key on all the other systems you have to login (system 2.....n)
Now you wont need a password when you ssh into those system.
Now you can use expect script to change password for either root or any other user.
NOTE : usually expect interpreter is at /usr/bin/expect
you can find this my doing "whereis expect"
I hope it helps.
Try to use this algorithm and post your results.
I am trying to create a application using innoscript. I need to create/edit registry information values in HKLM. Hence I need admin privileges to install the application.
However, if a non admin user try to install the application, innoscript require admin user password, once they enter the admin user password, whenever I query the registry in installation script (say, HKCU), it retrieves information from the admin user. But I would like to get information from the currently logged in user. As a result, program installed under the admin user location instead of current logon user account.
Is there a way to get current logon user user and user app data location from innoscript, when the application is started with Run as administrator or prompted admin user.
Awaiting your update.
Thanks,
The installer is not supposed to read or modify any per-user state (including HKCU) during a per-machine installation (and there is no way to do so reliably). You should instead make the application itself do this on first run (by trying to read the appropriate location and assuming default values if they were not found).
Remember, an application is installed once, but can then be run by several different users. This behaviour is essential.
An easy workaround is to move your logic to an executable instead of Pascal script. Then you can call this executable in [Run] section,
http://www.jrsoftware.org/ishelp/index.php?topic=runsection
Remember to mark the Run item as runasoriginaluser.
I have a website that uses Windows Authentication to authenticate its users. Normally when a user accesses the site on an IE browser the username field is populated with the computers domain name and user name. This is usually incorrect and the user enters the correct username and their password and can access the site.
I have a user now on Windows 7 IE8(I beleive) and the username field in the credential prompt is being autopopulated with domain\userName except the username is incorrect and we cannot change it. The user is unable to log into the site because of this. Has anyone experienced this before? Does anyone know why the username field cannot be changed? Solutions I have tried:
Clearing cache and stored form data/passwords etc
Site is in users trusted sites. So I had the user change the settings to "Prompt for username and password" but the prompt still comes up with the username autopopulated and does not let her change it.
I have never run into this before. Our users do not have any issue logging in, its just this one corporate location that was just set up and is running Windows 7(Rest of the company is under Windows XP) If it matters this is a sharepoint 2010 web application
Any help on this would be greatly appreciated as I have an entire group of users with this problem. Im willing to bet this would not be an issue in a different browser but they need to be able to use IE for application compatibility reasons.
Thanks!
I was able to fix it by doing the following:
Go to Start, Control Panel, User Accounts, then click Manage Your Credentials, and look for the credentials to your site, if they are there Modify and “Remove from vault” ( I suppose you could Edit them to the correct credentials but I just removed it and it did not prompt her).
She had the wrong credentials stored there. Im not sure why clearing the cache and passwords from the internet options didnt work but this did.
I had this problem with a user where the domain stored with the credentials could not be changed. This is the only item online I could find even close to my problem. The user saw "user-pcdomain\localusername" auto entered in the form. He tried to correct it with "workdomain\workusername" but got a message saying "Please enter a user name and password". Eventually we realized that his system was sending "user-pcdomain\workdomain" as his username. I've never seen a login misfire like that.
In his case he did not have his credentials stored but needed to add credentials - "workdomain\workusername" - for all of the domains he needed to access.
The point is - to expand on the answer - that IE or Windows 7 or both will store credentials incorrectly on rare occasions and the solution is be creative about adding\editing\remove credentials with Manage Your Credentials
I'm writing a module to force a user whose password has expired to renew its password. This app uses the acegi security plugin. After the expired credentials are detected, the user is redirected to a "insert a new password" page. However, when the form is submitted, the auth action is executed, instead of the desired one (renewPassword).
I suspect that this happens because the user is not logged in, so I was wondering if there exists a better approach for this.
For example, letting the user log in, but disabling its account until he/she refreshes his password.
Is this the right way to go? Can anyone share his/her experience ?
update
Come to think about it, as acegi is doing all the "check for expired credentials" work, I wont be able to log the user in and then change it, as I get an CredentialsExpiredException at authentication fail. So is there a way to do this?
Thanks in advance
I would suggest allowing the login, but setting a redirect flag in your code to push them to the password change page, so even if they try to change to another location in the site, it will push them back to the password change page. (I don't know how to code it in this language, as I've never used it, but it's how I would suggest to work around the seeming limitation)
finally solved it the "easy, not programmatic , conf. file" way.
In SecurityConfig.groovy I added an entry to the requestMapString
/login/renewpassword = IS_AUTHENTICATED_ANONYMOUSLY
This way, the renewpassword action inside the loginController can be executed without having the user logged in.
Thanks everyone for your time.